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DETAILED ACTION 



1. 



This correspondence is in response to Amendments and REMARKS filed on Dec' 12, 2008. 



2. 



Claims 1-7 and 9 are cancelled; Claims 10 and 20 are amended; and Claims 23-25 are new. 



3. 



Claims 10-12, 14, 17 and 20-25 are pending. 



Response to Arguments 



4. 



Applicant's arguments with respect to the pending claims have been considered but are moot in 



view of the new ground(s) of rejection. 



Claim Rejections - 35 USC §103 



5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 10-12, 14, 17 and 20-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bahl 
et al. (US 7,020,464 B2 - "Bahl") in view of Colie et al. (US 6,108,300 - " Colie ") 

As per Claim 10 , Bahl teaches, 

A method for maintaining secure network connections, the method comprising: duplicating [see 
for example, col. 2, lines 39-45], at the third network element [see Correspondent Host 72 and 122 in 
FIGS. 2 and 3, respectively], a security association [see Security Associations 86 and 84 in FIG.2; and 
see also IPSEC/ISKAMP SAs in FIG. 3] associated with a secure network connection between a first 
network element [see Mobile Host 70 and 120 in FIGS. 2 and 3, respectively] and a second network 
element [Access Point 156 in FIG. 3], wherein a lookup of the security association associated with the 
secure network connection [see secured control channel 96 in FIG.2] is not dependent on any destination 
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address [see FIGS.4A and 4B - where Bahl discloses SA end points that are not dependent on any 
destination address], wherein the secure network connection between the first network element and the 
third network element is based on the duplicated security association [see for example, col. 2, lines 39-45; 
col. 6, lines 33-34 and col. 6, lines 44-47]. 

Bahl is silent about replacing the second network element with the third network element in the 
secure network connection with the first network element in response to detecting failure of the second 
network element. However, in the same filed of endeavor, Colie teaches replacing the second network 
element with the third network element in the secure network connection with the first network element in 
response to detecting failure of the second network element [see abstract and FIG.1 - where Colie 
discloses transferring network services to a backup network device when a primary network device fails]. 
Therefore, it would have been obvious to a person having ordinary skill in the art, at the time of 
Applicant's invention was made, to modify the system of Bahl by incorporating the teaching of Colie in 
order to prohibit network failure by replacing failed device a backup network device [see at least abstract 
of Colie]. 

As per Claim 12 , Bahl-Colie combination teaches, 

A method for maintaining secure network connections, the method comprising: configuring a 
plurality of security gateways [Access Point 156 in FIG. 3 - Bahl discloses 156 as access points; see for 
example, col. 8, lines 51-61] such that a lookup of security associations is not dependent on any 
destination address [see for example, col. 2, lines 39-45; col. 6, lines 33-34 and col. 6, lines 44-47 of Bahl]; 
and sharing at least one security association [see Security Associations 86 and 84 in FIG. 2; and see 
also IPSEC/ISKAMP SAs in FIG. 3 of Bahl] among the plurality of security gateways [see FIGS.1 and 2; 
and for example, col. 5, lines 16-19 - where Bahl discloses one or more correspondent hosts. See also 
Server 112a and 112b of Coilie]. 



As per Claim 22 , Bahl-Colie combination teaches, 
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A first security server comprising: a transceiver [see for example, col. 8, lines 51-67 - where Bahl 
disclose DHCP server] to receive information relating to at least one security association [see Security 
Associations 86 and 84 in FIG.2; and see also IPSEC/ISKAMP SAs in FIG. 3 of Bahl] of a secure 
network connection [see secured control channel 96 in FIG.2 of Bahl] between a mobile client [MH of 
Bahl] and a second security server [access points of Bahl]; and a processor module to: monitor operation 
of the second, security server; in response to detecting failure of the second security server [see Primary 
Network Device 110 in FIG.1 of Colie], send a message to the mobile client [see Client in FIG.1 of 
Colie] that the first security server [see Backup Network Device 120 in FIG.1 of Colie] is taking over the 
secure network connection [see abstract of Colie]; and communicate with the mobile client using the at 
least one security association over the secure network connection between the first security server and 
the mobile client [see abstract and FIGS. 2-5 - where Bahl discloses communicating between the MH and 
CH/or access points/ is based on security associations]. 

As per Claim 11 , Bahl-Colie combination teaches, 

sending at least one secure message from the third network element to the first network element 
to notify the first network element that the secure network connection will be taken over by the third 
network element [see abstract and FIG.1 of Colie]. 

As per Claim 14 , Bahl-Colie combination teaches, 

wherein a lookup of security associations is not dependent on any destination address [see 
FIGS.4A and 4B - where Bahl discloses SA end points that are not dependent on any destination 
address]. 

As per Claim 17 , Bahl-Colie combination teaches, 

wherein communications between the mobile client and the first security server are based on a 
security architecture for the internet protocol (IPsec) [see IPSEC SAs in FIG. 3; and for example, col. col. 8, 
lines 26-50]. 
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Claim 25 is rejected for the same reasons applied to the rejection of Claim 17. 
As per Claim 20 , 

during life of the secure network connection between the first and second network elements, the 
third network element receiving information relating to the security association of the secure network 
connection from the second network element [see FIGS.2-4B of Bahl]. 

As per Claim 21 , Bahl-Colie combination teaches, 

wherein the first network element is a mobile client [see MH in FIGS. 2 and 3 of Bahl; and Client 
in FIG.1 of Colie], and the second and third network elements are security servers [Bahl discloses 
access points and DHCP server. See also FIG.1 of Colie where network elements are disclosed as 
servers]. 

Claim 23 is rejected for the same reasons applied to the rejection of Claim 21 . 
As per Claim 24 , Bahl-Colie combination teaches, 

wherein information relating to the at least one security association is duplicated at the first and 
second security servers [see for example, col.2, lines 39-45; col. 6, lines 33-34 and col. 6, lines 44-47 of 
Bahl]. 

Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
(See PTO-892). 

CONTACT INFORMATION 

7. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to AMARE TABOR whose telephone number is (571 )270-31 55. The examiner can normally 
be reached on Mon-Fri 8:00a.m. to 5:00p.m., EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative 
or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 
1000. 

Amare Tabor 
(AU 2439) 

/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 



